Abstract

Motivated by questions in property testing, we search for linear error-correcting codes that
have the "single local orbit" property: i.e., they are specified by a single local constraint and its
translations under the symmetry group of the code. We show that the dual of every "sparse"
binary code whose coordinates are indexed by elements of $\mathbb{F}_{2^n}$ for prime $n$, and whose symmetry
group includes the group of non-singular affine transformations of $\mathbb{F}_{2^n}$, has the single local orbit
property. (A code is said to be sparse if it contains polynomially many codewords in its block
length.) In particular this class includes the dual-BCH codes for whose duals (i.e., for BCH
codes) simple bases were not known. Our result gives the first short ($O(n)$-bit, as opposed to
the natural $\exp(n)$-bit) description of a low-weight basis for BCH codes.

The interest in the "single local orbit" property comes from the recent result of Kaufman
and Sudan (STOC 2008) that shows that the duals of codes that have the single local orbit
property under the affine symmetry group are locally testable. When combined with our main
result, this shows that all sparse affine-invariant codes over the coordinates $\mathbb{F}_{2^n}$ for prime $n$ are
locally testable.

If, in addition to $n$ being prime, $2^n - 1$ is also prime (i.e., $2^n - 1$ is a Mersenne prime), then
we get that every sparse cyclic code also has the single local orbit. In particular this implies
that BCH codes of Mersenne prime length are generated by a single low-weight codeword and
its cyclic shifts.

In retrospect, the single local orbit property has been central to most previous results in 
algebraic property testing. However, in the previous cases, the single local property was almost 
"evident" for the code in question (the single local constraint was explicitly known, and it is 
a simple algebraic exercise to show that its translations under the symmetry group completely 
characterize the code). Our work gives an alternate proof of the single local orbit property, 
effectively by counting, and its effectiveness is demonstrated by the fact that we are able to 
analyze it in cases where even the local constraint is not "explicitly" known. Our techniques 
involve the use of recent results from additive number theory to prove that the codes we consider, 
and related codes emerging from our proofs, have high distance. We then combine these with 
the MacWilliams identities and some careful analysis of the invariance properties to derive our
results. 
1 Introduction



Motivated by questions about the local testability of some well-known error-correcting codes, in 
this paper we examine their "invariance" properties. Invariances of codes are a well-studied concept 
(see, for instance, [111 Chapters 7, 8.5, and 13.9]) and yet we reveal some new properties of BCH 
codes. In the process we also find broad classes of sparse codes that are locally testable. We 
describe our problems and results in detail below. 

A code $C \subseteq \mathbb{F}_2^N$ is said to be locally testable if membership of a word $w \in \mathbb{F}_2^N$ in the code $C$ can
be checked probabilistically by a few probes into $w$. The famed "linearity test" of Blum, Luby
and Rubinfeld [2] may be considered the first result to show that some code is locally testable.
Locally testable codes were formally defined by Rubinfeld and Sudan [17]. The first substantial
study of locally testable codes was conducted by Goldreich and Sudan [9], where the principal
focus was the construction of locally testable codes of high rate. Local testing of codes is effectively
equivalent to property testing [17, 18] with the difference being that the emphasis here is when $C$ is
an error-correcting code, i.e., elements of $C$ are pairwise far from each other.

A wide variety of "classical" codes are by now known to be locally testable, including Hadamard
codes [2], Reed-Muller codes of various parameters [17, 1, 13, 10], dual-BCH codes [HKH], turning
attention to the question: What broad characteristics of codes are necessary, or sufficient, for codes
to be locally testable? One characteristic explored in the recent work of Kaufman and Sudan
is the "invariance group" of the code, which we describe next.

Let $[N]$ denote the set of integers $\{1, \ldots, N\}$. A code $C \subseteq \mathbb{F}_2^N$ is said to be invariant under
a permutation $\pi : [N] \to [N]$ if for every $a = (a_1, \ldots, a_N) \in C$, it is the case that
$a \circ \pi = (a_{\pi(1)}, \ldots, a_{\pi(N)})$ is also in $C$. The set of permutations under which any code $C$ is invariant forms a
group under composition and we refer to it as the invariant group. [15] suggested that the invariant
group of a code may play an important role in its testability. They supported their suggestion by
showing that if the invariant group is an "affine group", then a "linear" code whose "dual" has the
"single local orbit" property is locally testable. We explain these terms (in a restricted setting)
below.

Let $N = 2^n$ and let $C \subseteq \mathbb{F}_2^N$ be a code. In this case we can associate the coordinate set $[N]$ of the
code $C$ with the field $\mathbb{F}_{2^n}$. Now consider the permutations $\pi : \mathbb{F}_{2^n} \to \mathbb{F}_{2^n}$ of the form $\pi(x) = \alpha x + \beta$
where $\alpha \in \mathbb{F}_{2^n} - \{0\}$ and $\beta \in \mathbb{F}_{2^n}$. This set is closed under composition and we refer to this as
the affine group. If $C$ is invariant under every $\pi$ in the affine group, then we say that $C$ is
affine-invariant. We say that $C$ is linear if it is a vector subspace of $\mathbb{F}_2^N$. The dual of $C$, denoted $C^\perp$, is
the null space of $C$ as a vector space.

We now define the final term above, namely, the "single local orbit property". Let $G$ be a group
of permutations mapping $[N]$ to $[N]$. For $b \in \mathbb{F}_2^N$, let its weight, denoted $\mathrm{wt}(b)$, be the number of
non-zero elements of $b$. A code $C$ is said to have the $k$-single orbit property under $G$ if there exists
an element $b \in \mathbb{F}_2^N$ of weight at most $k$ such that $C = \mathrm{Span}(\{b \circ \pi \mid \pi \in G\})$, where
$\mathrm{Span}(S) = \{\sum_i c_i b_i \mid c_i \in \mathbb{F}_2, b_i \in S\}$. Two groups are of special interest to us in this work. The first is the
affine group on $\mathbb{F}_{2^n}$. A second group of interest to us is the "cyclic group" on $\mathbb{F}_{2^n}^* = \mathbb{F}_{2^n} - \{0\}$
given by the permutations $\pi_a(x) = ax$ for $a \in \mathbb{F}_{2^n}^*$. (Note that if $\omega$ is a multiplicative generator
of $\mathbb{F}_{2^n}^*$ and the coordinates of $C$ are ordered $\langle \omega, \omega^2, \ldots, \omega^{2^n - 1} = 1 \rangle$ then each $\pi_a$ is simply a cyclic
permutation.)
The invariance groups of codes are well-studied objects. In particular codes that are invariant
under cyclic permutations, known as cyclic codes, are widely studied and include many common
algebraic codes (under appropriate ordering of the coordinates and with some slight modifications,
see [H] or [16]). The fact that many codes are also affine-invariant is also explicitly noted and used
in the literature [16].

Conditions under which codes have the single-orbit property under any given group seem to be
less well-studied. This is somewhat surprising given that the single-orbit property implies very
succinct (nearly explicit) descriptions (of size $k \log N$ as opposed to $N^2$) of bases for codes (that
have the $k$-single orbit property under some standard group). Even for such commonly studied
codes as the BCH codes such explicit descriptions of bases were not known prior to this work.
In retrospect, the single orbit property was being exploited in previous results in algebraic property
testing [2, 17, 1, 13, 10] though this fact was not explicit until the work of [15].

In this work we explore the single orbit property under the affine group for codes on the coordinate
set $\mathbb{F}_{2^n}$, as also the single orbit property under the cyclic group for codes over $\mathbb{F}_{2^n}^*$. We show that the
dual of every "sparse" affine-invariant code (i.e., codes with at most polynomially many codewords
in $N$) has the $k$-single orbit property under the affine group for some constant $k$, provided $N = 2^n$
for prime $n$ (see Theorem 4). When $N - 1$ is also prime, it turns out that the duals of sparse
codes have the $k$-single orbit property under the cyclic group for some constant $k$, yielding an even
stronger condition on the basis (see Theorem 5). Both theorems shed new light on well-studied
codes including BCH codes.

In particular the first theorem has immediate implications for testing and shows that every sparse 
affine invariant code is locally testable. This merits comparison with the results of [14] who show
that sparse high-distance codes are locally testable. While syntactically the results seem orthogonal 
(ours require affine-invariance whereas theirs required high-distance) it turns out (as we show in 
this paper) that all the codes we consider do have high-distance. Yet for the codes we consider our 
results are more constructive in that they not only prove the "existence" of a local test, but give a 
much more "explicit" description of the tester: Our tester is described by a single low-weight word 
in the dual and tests that a random affine permutation of this word is orthogonal to the word being 
tested. 

Given a code of interest to us, we first study the algebraic structure of the given code by representing 
codewords as polynomials and studying the degree patterns among the support of these polynomials. 
We interpret the single orbit property in this language; and this focuses our attention on a collection
of closely related codes. We then turn to recent results from additive number theory [H [31 [H [H [7] 
and apply them to the dual of the given code, as well as the other related codes that arise from 
our algebraic study, to lower bound their distance. In turn, using the MacWilliams identities (as in 
prior work [14]) this translates to some information on the weight-distribution of the given code and
the related ones. Some simple counting now yields that the given code must have the single-orbit 
property. 

We believe that our techniques are of interest, beyond just the theorems they yield. In particular we
feel that techniques to assert the single-orbit property are quite limited in the literature. Indeed in
all previous results [2, 17, 1, 13, 10] this property was "evident" for the code: The local constraint
whose orbit generated a basis for all constraints was explicitly known, and the algebra needed to
prove this fact was simple. Our results are the first to consider the setting where the basis is not
explicitly known (even after our work) and manages to bring in non-algebraic tools to handle such
cases. We believe that the approach is potentially interesting in broader settings.

^In contrast the tester of [14] was less "explicit". It merely proved the existence of many low weight codewords in
the dual of the code being tested and proved that the test which picked one of these low-weight codewords uniformly
at random and tested orthogonality of the given word to this dual codeword was a sound test.

2 Definitions and main results 

We recall some basic notation. $[N]$ denotes the set $\{1, \ldots, N\}$. $\mathbb{F}_q$ denotes the finite field with $q$
elements and $\mathbb{F}_q^*$ will denote the non-zero elements of this field. We will consider codes contained in
the vector space $\mathbb{F}_2^N$. For a word $a = (a_1, \ldots, a_N) \in \mathbb{F}_2^N$, its support is the set $\mathrm{Supp}(a) = \{i \mid a_i \neq 0\}$
and its weight is the quantity $\mathrm{wt}(a) = |\mathrm{Supp}(a)|$. For $a = (a_i)_i$ and $b = (b_i)_i \in \mathbb{F}_2^N$ define the
relative distance between $a, b$ as $\delta(a, b) = \frac{1}{N} |\{i \mid a_i \neq b_i\}|$. Note $\delta(a, b) = \frac{\mathrm{wt}(a - b)}{N}$.

A binary code $C$ is a subset of $\mathbb{F}_2^N$. The (relative) distance of $C$ is $\delta(C) = \min_{a, b \in C;\, a \neq b} \{\delta(a, b)\}$.

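For a set of vectors $S = \{v_1, \ldots, v_k\} \subseteq \mathbb{F}_2^N$, let $\mathrm{Span}(S) = \{\sum_{i=1}^{k} \alpha_i v_i \mid \alpha_1, \ldots, \alpha_k \in \mathbb{F}_2\}$ denote the
linear span of $S$. $C$ is a linear code if its codewords form a vector space in $\{0, 1\}^N$ over $\mathbb{F}_2$, i.e., if
$\mathrm{Span}(C) = C$. For $a, b \in \mathbb{F}_2^N$, let $a \cdot b = \sum_i a_i b_i$ denote the inner product of $a$ and $b$. The dual of $C$
is the code $C^\perp = \{b \in \mathbb{F}_2^N \mid b \cdot a = 0, \forall a \in C\}$.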

We will alternate between viewing $a \in \mathbb{F}_2^N$ as a vector $a = (a_1, \ldots, a_N)$ and as a function $a : D \to \mathbb{F}_2$
where $D$ will be some appropriate domain of size $N$. Two particular domains of interest to us will
be $\mathbb{F}_{2^n}$ and $\mathbb{F}_{2^n}^*$.

2.1 Invariance and the single local orbit property 

Let $a \in \mathbb{F}_2^N$ be viewed as a function $a : D \to \mathbb{F}_2$ for some domain $D$ of size $N$. Let $\pi : D \to D$ be a
permutation of $D$. The $\pi$-rotation of $a$ is the function $a \circ \pi : D \to \mathbb{F}_2$ given by $a \circ \pi(i) = a(\pi(i))$
for every $i \in D$.

Let $D$ be a set of size $N$ and let $\mathbb{F}_2^N$ denote the set of functions from $D \to \mathbb{F}_2$. A code $C \subseteq \mathbb{F}_2^N$ is
said to be invariant under a permutation $\pi : D \to D$ if for every $a \in C$, it is the case that $a \circ \pi \in C$.
The set of permutations under which a code $C$ is invariant forms a group under composition and
we refer to it as the invariant group of a code.

We will be interested in studying codes that are invariant under some well-studied groups (i.e., 
whose invariant groups contain some well-studied groups). Two groups of interest to us are the 
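affine group over $\mathbb{F}_{2^n}$ and the cyclic group over $\mathbb{F}_{2^n}^*$. In what follows we let $N = 2^n$ and view $\mathbb{F}_2^N$
as the set of functions from $\mathbb{F}_{2^n}$ to $\mathbb{F}_2$ and $\mathbb{F}_2^{N-1}$ as the set of functions from $\mathbb{F}_{2^n}^*$ to $\mathbb{F}_2$.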

Definition 1 (Affine invariance) A function $\pi : \mathbb{F}_{2^n} \to \mathbb{F}_{2^n}$ is an affine permutation if there
exist $\alpha \in \mathbb{F}_{2^n}^*$ and $\beta \in \mathbb{F}_{2^n}$ such that $\pi(x) = \alpha x + \beta$. The affine group over $\mathbb{F}_{2^n}$ consists of all the
affine permutations over $\mathbb{F}_{2^n}$. A code $C \subseteq \mathbb{F}_2^N$ is said to be affine invariant if the invariant group of
$C$ contains the affine group.
Definition 2 (Cyclic invariance) A function $\pi : \mathbb{F}_{2^n}^* \to \mathbb{F}_{2^n}^*$ is a cyclic permutation if it is of
the form $\pi(x) = ax$ for $a \in \mathbb{F}_{2^n}^*$. The cyclic group over $\mathbb{F}_{2^n}^*$ consists of all the cyclic permutations
over $\mathbb{F}_{2^n}^*$. A code $C \subseteq \mathbb{F}_2^{N-1}$ is said to be cyclic invariant (or simply cyclic) if the invariant group
of $C$ contains the cyclic group.

Many well-known families of codes (with minor variations) are known to be affine-invariant and/or 
cyclic. In particular BCH codes are cyclic and Reed-Muller codes are affine-invariant. Furthermore 
under a simple "extension" operation BCH codes become affine-invariant, and vice versa under a 
simple puncturing operation, Reed-Muller codes become cyclic. We elaborate on these later. 

In this paper our aim is to show that certain families of affine-invariant and cyclic codes have a 
simple description, that we call a "single-orbit description". We define this term next. 

Definition 3 ($k$-single orbit code) Let $\mathbb{F}_2^N$ be the collection of functions from $D$ to $\mathbb{F}_2$ for some
domain $D$. Let $G$ be a group of permutations from $D$ to $D$. A linear code $C \subseteq \mathbb{F}_2^N$ is said to
have the $k$-single orbit property under the group $G$ if there exists $a \in C$ with $\mathrm{wt}(a) \le k$ such that
$C = \mathrm{Span}(\{a \circ \pi \mid \pi \in G\})$.

In particular the $k$-single orbit property under the affine group has implications to testing that we
discuss in Section 2.3.

2.2 Main results 

Our main results show that, under certain conditions, duals of "sparse" codes have the single orbit 
property for small k. By "sparse" we mean that the code has only polynomially many codewords 
in the length of the codewords. 

Our first result considers affine-invariant codes. 

Theorem 4 (Single orbit property in affine-invariant codes) For every $t > 0$ there exists a
$k = k(t)$ such that for every prime $n$ the following holds: Let $N = 2^n$ and $C \subseteq \mathbb{F}_2^N$ be a linear
affine-invariant code containing at most $N^t$ codewords. Then $C^\perp$ has the $k$-single orbit property
under the affine group.

Next we present our main theorem for cyclic codes. 

Theorem 5 (Single orbit property in cyclic codes) For every $t$ there exists a $k$ such that the
following holds: Let $n$ be such that $2^n - 1$ is prime. Let $C \subseteq \mathbb{F}_2^{N-1}$ be a linear, cyclic invariant
code with at most $N^t$ codewords. Then $C^\perp$ has the $k$-single orbit property under the cyclic group.

We remark that it is not known if there are infinitely many $n$ such that $2^n - 1$ is prime. Of course
if there are only finitely many such primes then our theorem becomes "trivial". Nevertheless, as 
things stand, the question of whether the number of such primes is infinite or not is unresolved (and 
indeed there are conjectures suggesting there are infinitely many such primes), and so unconditional 
result should remain interesting. 

^Note that this is a permutation of if the elements of are enumerated as $(\omega, \omega^2, \ldots, \omega^{N-1})$ where $\omega$ is a
multiplicative generator of $\mathbb{F}_{2^n}^*$.
2.3 Implications to property testing

It follows from the work of [15] that codes with a single local orbit under the affine symmetry group
are locally testable. We recall some basic definitions below and summarize the implication of our 
main theorem to testability. 

Definition 6 (Locally testable code [9]) A code $C \subseteq \mathbb{F}_2^N$ is $(k, \alpha)$-locally testable if there exists
a probabilistic algorithm $T$ called the tester that, given oracle access to a vector $v \in \mathbb{F}_2^N$, makes at
most $k$ queries to the oracle for $v$ and accepts $v \in C$ with probability 1, while rejecting $v \notin C$ with
probability at least $\alpha \cdot \delta(v, C)$. $C$ is said to be locally testable if there exist $k < \infty$ and $\alpha > 0$ such
that $C$ is $(k, \alpha)$-locally testable.

We note that the above definition corresponds to the strong definition of local testability ([9,
Definition 2.2]). We now state the result of [15] on the testability of affine-invariant codes with the
single local orbit property.

Theorem 7 ([15]) If $C \subseteq \mathbb{F}_2^N$ is linear and has the $k$-single orbit property under the affine group,
then $C$ is $(k, \Omega(1/k^2))$-locally testable.

We note that in [15] the single-orbit property under the affine group is described as the "strong
formal characterization" . 

Our main theorem, Theorem 4, when combined with the above theorem, immediately yields the
following implication for sparse affine invariant codes. 

Corollary 8 For every constant $t$ there exists a constant $k$ such that if $C \subseteq \mathbb{F}_2^N$ is a linear,
affine-invariant code with at most $N^t$ codewords, then $C$ is $(k, \Omega(1/k^2))$-locally testable.

2.4 Implications to BCH codes 

In addition to the implications for the testability of sparse affine-invariant codes, our results also 
give new structural insight into the classical BCH codes. Even though these codes have been around 
a long time, and used often in the CS literature, some very basic questions about them are little 
understood. We describe the codes, the unanswered questions about them, and the implications of 
our work in this context below. 

We start by defining the BCH codes and the extended-BCH codes. The former are classical cyclic 
codes, and the latter are affine-invariant. 

Let $\mathrm{Trace} : \mathbb{F}_{2^n} \to \mathbb{F}_2$ be the function $\mathrm{Trace}(x) = x + x^2 + \cdots + x^{2^{n-1}}$. We define the BCH codes
by defining their dual.

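Definition 9 For every pair of integers $n$ and $t$, the (binary) dual-BCH code with parameters $n$
and $t$, denoted $\mathrm{BCH}(n, t)^\perp \subseteq \mathbb{F}_2^{N-1}$, consists of the evaluations of traces of polynomials of degree $2t$
over $\mathbb{F}_{2^n}$. I.e.,

$\mathrm{BCH}(n, t)^\perp = \{\langle \mathrm{Trace}(f(\alpha)) \rangle_{\alpha \in \mathbb{F}_{2^n}^*} \mid f \in \mathbb{F}_{2^n}[x], \deg(f) \le 2t\}$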
The BCH code $\mathrm{BCH}(n, t)$ is simply the dual of $\mathrm{BCH}(n, t)^\perp$.

The extended dual-BCH code $\mathrm{eBCH}(n, t)^\perp \subseteq \mathbb{F}_2^N$ is simply the evaluation of the same functions
over all of $\mathbb{F}_{2^n}$, and $\mathrm{eBCH}(n, t)$ is its dual.

(We note that the more common definition of BCH codes is as the subfield subcodes of Reed
Solomon codes, with $\mathrm{BCH}(n, t)$ being the subfield subcodes of RS codes of degree $N - 2t - 1$. But
it is a folklore fact that the two definitions are equivalent.)

Even though the BCH codes are very classical codes, much is unknown about them. For instance,
while it is easy to see (by a counting argument) that the BCH code $\mathrm{BCH}(n, t)$ must have codewords
of weight $2t + 1$, such words are not known "explicitly". Till recently it was not known that the
set of codewords of low weight even generate the BCH code, and this was answered affirmatively only
recently by Kaufman and Litsyn [12] who showed that words of weight $2t + 1$ and $2t + 2$ certainly
include a basis for the BCH code. This proof remains "non-explicit" and the most "succinct"
description of this basis is via $O(Nt)$ field elements of $\mathbb{F}_{2^n}$.

Our result manages to make progress on the second question (that of finding an explicit basis) 
without making progress on the first, by showing that the affine orbit (or in some cases the cyclic 
orbit) of a single low-weight codeword gives a basis for the BCH code. While this single codeword 
is still not explicit, the rest of the basis is explicit given the codeword! We state these implications 
formally below. 

Corollary 10 For every t there exists a k such that for all prime n, eBCH(n, t) has the k-single 
orbit property under the affine group. 

The above follows from Theorem 4 using the observation that $\mathrm{eBCH}(n, t)$ is sparse (has $N^{O(t)}$
codewords) and affine invariant.
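The single-orbit property of Definition 3 and the tester sketched in the Introduction (check that a random affine rotation of one low-weight dual word is orthogonal to the word under test) can be verified by machine on a small instance. The following Python sketch is an added example, not code from the paper: it assumes $n = 5$, $t = 1$, realizes $\mathbb{F}_{32}$ with the primitive polynomial $x^5 + x^2 + 1$, reads Definition 9 as $\deg(f) \le 2t$, encodes a word as a 32-bit mask, and uses illustrative function names throughout.

```python
import random

N_EXP = 5                    # n = 5 (prime), so N = 2^n = 32
N = 1 << N_EXP
PRIM = 0b100101              # x^5 + x^2 + 1, assumed primitive polynomial for F_32

# Log/antilog tables; the element omega = x (integer 2) generates F_32^*.
EXP, LOG = [0] * (2 * (N - 1)), [0] * N
_v = 1
for _i in range(N - 1):
    EXP[_i] = EXP[_i + N - 1] = _v
    LOG[_v] = _i
    _v <<= 1
    if _v & N:
        _v ^= PRIM

def mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def power(a, e):
    if e == 0:
        return 1
    return 0 if a == 0 else EXP[(LOG[a] * e) % (N - 1)]

def trace(a):
    """Trace(a) = a + a^2 + a^4 + ... + a^(2^(n-1)), an element of {0, 1}."""
    s = 0
    for _ in range(N_EXP):
        s ^= a
        a = mul(a, a)
    return s

def word_of(f):
    """Encode f: F_N -> F_2 as a bitmask whose bit x holds f(x)."""
    return sum(f(x) << x for x in range(N))

def dot(a, b):
    """Inner product over F_2 of two words given as bitmasks."""
    return bin(a & b).count("1") & 1

def ebch_dual_generators(t):
    """Spanning set of eBCH(n,t)^perp: the words Trace(beta * x^j), 0 <= j <= 2t."""
    betas = [1 << i for i in range(N_EXP)]          # an F_2-basis of F_N
    return [word_of(lambda x, b=b, j=j: trace(mul(b, power(x, j))))
            for j in range(2 * t + 1) for b in betas]

def rank(words):
    """Rank over F_2 by elimination on the leading bit."""
    pivots = {}
    for w in words:
        while w:
            top = w.bit_length() - 1
            if top not in pivots:
                pivots[top] = w
                break
            w ^= pivots[top]
    return len(pivots)

def rotate(word, alpha, beta):
    """The pi-rotation a o pi for the affine permutation pi(x) = alpha*x + beta."""
    return word_of(lambda x: (word >> (mul(alpha, x) ^ beta)) & 1)

def affine_orbit(word):
    return {rotate(word, a, b) for a in range(1, N) for b in range(N)}

def orbit_rank(word):
    return rank(affine_orbit(word))

def local_test(word, seed, rng):
    """One round of the tester: is word orthogonal to a random rotation of seed?"""
    alpha, beta = rng.randrange(1, N), rng.randrange(N)
    return dot(rotate(seed, alpha, beta), word) == 0

def rejecting_rotations(word, seed):
    """Number of the N(N-1) affine rotations of seed that reject word."""
    return sum(dot(rotate(seed, a, b), word) for a in range(1, N) for b in range(N))

SEED = 0b1111        # indicator of {0, 1, omega, 1 + omega}: weight 4 (constructed)
SUBSPACE = 0xFF      # indicator of span{1, omega, omega^2}: weight 8 (constructed)

if __name__ == "__main__":
    code = ebch_dual_generators(1)
    print("dim C =", rank(code), " dim of dual =", N - rank(code))
    print("orbit rank of SEED     =", orbit_rank(SEED))
    print("orbit rank of SUBSPACE =", orbit_rank(SUBSPACE))
    codeword = code[0] ^ code[N_EXP]              # the word 1 + Trace(x)
    print("rejections, codeword  :", rejecting_rotations(codeword, SEED))
    print("rejections, one flip  :", rejecting_rotations(codeword ^ 1, SEED))
    print("one random round      :", local_test(codeword, SEED, random.Random(0)))
```

For these parameters the orbit of `SEED` has full rank 26 = 32 - 6, so this one weight-4 word and its affine rotations describe the whole dual. `SUBSPACE` is also a low-weight dual word, but its orbit spans only a proper subcode, which is the kind of word the counting argument has to exclude.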

Corollary 11 For every $t$ there exists a $k$ such that for all $n$ such that $2^n - 1$ is prime, $\mathrm{BCH}(n, t)$
has the $k$-single orbit property under the cyclic group.

The above follows from Theorem 5 using the observation that $\mathrm{BCH}(n, t)$ is sparse (has $N^{O(t)}$
codewords) and cyclic invariant.

We remark that questions of this nature are relevant not only to coding theory, but also to
computing. For instance a recurring question in CS is to find explicit balls of small radius in tightly
packed codes that contain many codewords. While we do not make progress toward such questions
here, we believe that such questions face difficulty similar to ours. In particular these questions
need to find explicit low-weight vectors (not in the code) that contain many low-weight codewords.

Finally, we point out that the need for various parameters ($n$ and $2^n - 1$) being prime is a
consequence of the application of some recent results in additive number theory that we use to show that
certain codes have very high distance. We do not believe such assumptions ought to be necessary;
however we do not see any immediate path to resolving the "stronger" number-theoretic questions
that would arise by allowing $n$ to be non-prime.
3 Overview of techniques

Our main theorems are proved essentially by implementing the following plan: 

1. We first show that every codeword in the codes we consider is expressible as the Trace of a
sparse polynomial. In the affine-invariant case we also show that these polynomials have
somewhat low-degree, i.e., at most $N^{1-1/t}$. This part follows standard literature in coding
theory (and similar steps were employed already in [15]).

2. We then apply the recent results in additive number theory to conclude that these codes have
very high distance. This already suffices to show that the affine-invariant codes are testable
by [14]. However the tests given there are "non-explicit" and we need to work further to get
an "explicit" test for these codes, or to show the single-orbit condition.

3. The final, and the novel part of this work, is to show by a counting argument, that there
exists one (in fact many) low-weight codewords in the dual of the codes we consider such that
their orbit spans the dual.

We elaborate on these steps in detail below, laying out precise statements we will prove. 
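We start with some notation. Recall $N = 2^n$ and $n$ is prime.

Also, we view elements $c \in \mathbb{F}_2^N$ as functions $c : \mathbb{F}_N \to \mathbb{F}_2$. Let $\{\mathbb{F}_N \to \mathbb{F}_2\}$ denote the set of all such
functions. Similarly we view elements $c \in \mathbb{F}_2^{N-1}$ as functions $\mathbb{F}_N^* \to \mathbb{F}_2$ and let $\{\mathbb{F}_N^* \to \mathbb{F}_2\}$ denote
the set of all such functions.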

For $d \in \{1, \ldots, N-2\}$, let $\mathrm{orb}(d) = \{d, 2d \pmod{N-1}, 4d \pmod{N-1}, \ldots, 2^{n-1} d \pmod{N-1}\}$. By
the primality of $n$, we have that $|\mathrm{orb}(d)| = n$ for every $d$. Let $\text{min-orb}(d)$ denote the smallest integer
in $\mathrm{orb}(d)$, and let $\mathcal{D} = \{\text{min-orb}(d) \mid d \in \{1, \ldots, N-2\}\} \cup \{N-1\}$. Note that $|\mathcal{D}| = 1 + (N-2)/n$.

For $D \subseteq \mathcal{D}$ let



The first step in our analysis of codes invariant over the affine group (resp. cyclic group) is that
such codes can be associated uniquely with a set $D \subseteq \mathcal{D}$ so that every codeword in our code is the
evaluation of the trace of a polynomial from the associated family $P_{N,D}$ over $\mathbb{F}_N$ (resp. $P_{N-1,D}$
over $\mathbb{F}_N^*$).

Lemma 12 For every cyclic-invariant code $C \subseteq \{\mathbb{F}_N^* \to \mathbb{F}_2\}$ there exists a set $D \subseteq \mathcal{D}$ such that
$c \in C$ if and only if there exists a polynomial $p \in P_{N-1,D}$ such that $c(x) = \mathrm{Trace}(p(x))$ for every
$x \in \mathbb{F}_N^*$. Furthermore $|D| \le t$ if $|C| \le N^t$.

Similarly, for every affine-invariant code $C \subseteq \{\mathbb{F}_N \to \mathbb{F}_2\}$ of cardinality $N^t$, there exists a set $D \subseteq \mathcal{D}$
such that $c \in C$ if and only if there exists a polynomial $p \in P_{N,D}$ such that $c(x) = \mathrm{Trace}(p(x))$ for
every $x \in \mathbb{F}_N$. Furthermore, if $|C| \le N^t$, then $|D| \le t$ and $D \subseteq \{1, \ldots, N^{1-1/t}\}$.
Thus in both cases codes are represented by collections of $t$-sparse polynomials. And in the
affine-invariant case, these are also somewhat low-degree polynomials. In what follows we use $C_N(D)$
to denote the code $\{\mathrm{Trace}(p(x)) \mid p \in P_{N,D}\}$ and $C_{N-1}(D)$ to denote the code
$\{\mathrm{Trace}(p(x)) \mid p \in P_{N-1,D}\}$.

We next use a (small variant of a) theorem due to Bourgain [3] to conclude that the codes $C_N(D)$
and $C_{N-1}(D)$ have very high distance (under the given conditions on $D$).

Theorem 13 ([3]) For every $\epsilon > 0$ and $r < \infty$, there is a $\delta > 0$ such that for every prime $n$ the
following holds: Let $N = 2^n$ and $F = \mathbb{F}_N$ and let $f(x) = \sum_{i=1}^{r} a_i x^{k_i} \in F[x]$ with $a_i \in F$, satisfy

1. $1 \le k_i \le N - 1$

2. $(k_i, N - 1) < N^{1-\epsilon}$ for every $1 \le i \le r$

3. $(k_i - k_j, N - 1) < N^{1-\epsilon}$ for every $1 \le i \ne j \le r$



^ Trace(/(x)) 



We note that strictly speaking, [3, Theorem 7] only considers the case where $N$ is prime, and
considers the sum of any character from F to the complexes (not just (— We note that 
the proof extends to cases where $N = 2^n$ where $n$ is prime as well. We comment on the places
where the proof in [3] (and related papers) have to be changed to get the result in our case, in 
Appendix El 

In our language the above theorem implies that codes represented by sparse polynomials of
somewhat low-degree have large distance. Furthermore if the polynomials are sparse, and $N - 1$ is prime,
then also the codes have large distance. We thus get the following implication.



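Lemma 14 For every $t$ there exists a $\delta$ such that the following holds for every $N = 2^n$ for prime
$n$. Let $\mathcal{D} = \mathcal{D}(N)$ and let $D \subseteq \mathcal{D}$ be of size at most $t$. Then the code $C = C_N(D)$ satisfies
$\frac{1}{2} - N^{-\delta} \le \delta(C) \le \frac{1}{2} + N^{-\delta}$.

Similarly for every $t$ there exists a $\delta$ such that the following holds for every $N = 2^n$ such that
$N - 1$ is prime. Let $\mathcal{D} = \mathcal{D}(N)$ and let $D \subseteq \mathcal{D}$ be of size at most $t$. Then the code $C = C_{N-1}(D)$ satisfies
$\frac{1}{2} - N^{-\delta} \le \delta(C) \le \frac{1}{2} + N^{-\delta}$.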

We remark that such use of results from number theory in coding theory is also common. For 
example, the distance of the sparse dual-BCH codes is inferred by using the "Weil bound" on 
exponential sums in a similar manner. 

We now move to the crucial part of the paper where we attempt to use counting style arguments 
to claim that the codes we are considering have the single orbit property for small k. Here our plan 
is as follows. 

We first use a result from [14] to show that for any specific code $C$ we consider and for every
sufficiently large $k$, its dual has roughly $\binom{N}{k}/|C|$ codewords of weight $k$ (this bound is tight to
within a $1 \pm O(1/N^c)$ factor, for large enough $k$, where $k$ is independent of $N$ and depends only on
$t$, $c$ and the $\delta$ of Lemma 14). Specifically they show:

Theorem 15 ([14, Lemma 3.5]) For every $c, t < \infty$ and $\delta > 0$ there exists a $k_0$ such that for
every $k > k_0$ and for every code $C \subseteq \mathbb{F}_2^N$ with at most $N^t$ codewords satisfying
$\frac{1}{2} - N^{-\delta} \le \delta(C) \le \frac{1}{2} + N^{-\delta}$, it is the case that $C^\perp$ has $\frac{\binom{N}{k}}{|C|} \cdot (1 \pm \Theta(N^{-c}))$ codewords of weight $k$.

Thus for any code $C = C(D)$ under consideration, this allows us to conclude that $C^\perp$ has many
codewords of weight $k$ (for sufficiently large, but constant $k$). What remains to be shown is that
the orbit of one of these, under the appropriate group (affine or cyclic), contains a basis for the
whole code $C^\perp$. To do so, we consider any codeword $x$ of weight $k$ in the dual whose orbit under the
group does not contain a basis for $C^\perp$ (i.e., $\mathrm{Span}(\{x \circ \pi \mid \pi\}) \ne C^\perp$). We show that for every such word
$x$ there is a set $D' \subseteq \mathcal{D}$ of size $|D'| = |D| + 1$ such that $x \in C(D')^\perp$. The size of $C(D')$ is roughly
a factor of $N$ larger than the size of $C$ and thus $C(D')^\perp$ is smaller than $C^\perp$ by a factor of roughly
$N$. We argue further that this code $C(D')$ also satisfies the same invariant structure as $C$ and so
one can apply Lemma 14 and Theorem 15 to it and thereby conclude that the number of weight
$k$ codewords in $C(D')^\perp$ is also smaller than the number of weight $k$ codewords in $C^\perp$ by a factor of
approximately $N$. Finally we notice that the number of sets $D'$ is $o(N)$ and so the set $\bigcup_{D'} C(D')^\perp$
cannot include all possible weight $k$ codewords in $C^\perp$, yielding the $k$-single orbit property for $C$.
This leads to the proofs of Theorems 4 and 5 - see Section [3



4 Representing sparse invariant codes by sparse polynomials 

In this section we study representations of affine-invariant and cyclic-invariant codes by polynomials
and in particular prove Lemma 12. (We will be using the definitions of the sets $P_{N,D}$ and $P_{N-1,D}$
as defined in Section 3 heavily throughout this section.)

We start by recalling some standard properties of the Trace function. Recall that
$\mathrm{Trace}(x) = x + x^2 + x^4 + \cdots + x^{2^{n-1}}$. The Trace function is linear, i.e. $\mathrm{Trace}(\alpha + \beta) = \mathrm{Trace}(\alpha) + \mathrm{Trace}(\beta)$ $\forall \alpha, \beta \in \mathbb{F}_N$.
Recall that every function from $\mathbb{F}_N$ to $\mathbb{F}_N$ and hence every function from $\mathbb{F}_N$ to $\mathbb{F}_2$ is the evaluation
of a polynomial from $\mathbb{F}_N[x]$. More useful to us is the fact that every function from $\mathbb{F}_N$ to $\mathbb{F}_2$ can also
be expressed as the trace of a polynomial from $\mathbb{F}_N[x]$, however this representation is not unique.
E.g., $\mathrm{Trace}(x^d) = \mathrm{Trace}(x^{2d}) = \mathrm{Trace}(x^{4d})$. However if we restrict to the setting of polynomials
from $P_{N,\mathcal{D}}$ then this representation is unique, as shown below.

Lemma 16 For every word $w : \mathbb{F}_N \to \mathbb{F}_2$ (respectively $w : \mathbb{F}_N^* \to \mathbb{F}_2$) there is a unique polynomial
$p \in P_{N,\mathcal{D}}$ (respectively $p \in P_{N-1,\mathcal{D}}$) such that $w(x) = \mathrm{Trace}(p(x))$.

Proof: Viewing $w$ as a function $\mathbb{F}_N \to \mathbb{F}_N$, we can write $w(x)$ uniquely as $\sum_{i=0}^{N-1} c_i x^i$ for some
coefficients $c_i \in \mathbb{F}_N$. The condition that $w(\alpha) \in \{0, 1\}$ for every $\alpha \in \mathbb{F}_N$ yields some constraints
on $c_i$. In particular we have $w(\alpha)^2 = w(\alpha)$ for every $\alpha \in \mathbb{F}_N$ and so $w(x)^2 = w(x) \pmod{x^N - x}$.
But $w(x)^2 = \sum_{i=0}^{N-1} c_i^2 x^{2i}$; equating coefficients we have $c_0^2 = c_0$, $c_{N-1}^2 = c_{N-1}$, and
$c_{2i \pmod{N-1}} = c_i^2$ for every $i \in \{1, \ldots, N-2\}$. Thus writing the set $\{0, \ldots, N-1\}$ (the set of
degrees of $x$) as $\{0, N-1\} \cup (\bigcup_{d \in \mathcal{D} - \{N-1\}} \mathrm{orb}(d))$, where the sets $\mathrm{orb}(d)$ are disjoint, we have that
$w(x) = c_0 x^0 + c_{N-1} x^{N-1} + \sum_{d \in \mathcal{D} - \{N-1\}} \mathrm{Trace}(c_d x^d)$. Furthermore $c_0, c_{N-1} \in \mathbb{F}_2$ (since $c_0^2 = c_0$
and $c_{N-1}^2 = c_{N-1}$). Finally, using the fact that $\mathrm{Trace}(\alpha) = \alpha$ for $\alpha \in \mathbb{F}_2$ (using the fact that $n$ is
odd), we have $w(x) = \mathrm{Trace}(p(x))$ where $p(x) = c_0 x^0 + c_{N-1} x^{N-1} + \sum_{d \in \mathcal{D} - \{N-1\}} c_d x^d$, which is
by definition a member of $P_{N,\mathcal{D}}$. This concludes the proof for the case of functions mapping $\mathbb{F}_N$
to $\mathbb{F}_2$. For the case of functions $w : \mathbb{F}_N^* \to \mathbb{F}_2$, the proof is similar except we start by writing $w$
uniquely as $\sum_{i=1}^{N-1} c_i x^i$ (and so $x^{N-1}$ plays the role of the constant function 1). ∎
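The orbit decomposition used in this proof can be checked by direct computation. The following Python sketch is an added example, not code from the paper, with illustrative function names: it computes $\mathrm{orb}(d)$ and $\mathcal{D}$, and counts the coefficient bits of $c_0 x^0 + c_{N-1} x^{N-1} + \sum_d c_d x^d$ with $c_0, c_{N-1} \in \mathbb{F}_2$ and each $c_d$ ranging over all of $\mathbb{F}_N$. It goes beyond the text by also running the non-prime case $n = 4$, where a short orbit makes the count overshoot $N$, so the trace representation with arbitrary $c_d \in \mathbb{F}_N$ is no longer unique.

```python
def orb(d, n):
    """orb(d) = {d, 2d, 4d, ..., 2^(n-1) d}, all reduced mod N - 1 where N = 2^n."""
    m = (1 << n) - 1
    return {(d << j) % m for j in range(n)}

def representatives(n):
    """The set D: min-orb(d) for d in {1, ..., N-2}, together with N - 1."""
    big_n = 1 << n
    return sorted({min(orb(d, n)) for d in range(1, big_n - 1)} | {big_n - 1})

def short_orbits(n):
    """Degrees d in {1, ..., N-2} whose orbit has fewer than n elements."""
    big_n = 1 << n
    return [d for d in range(1, big_n - 1) if len(orb(d, n)) < n]

def coefficient_bits(n):
    """Bits needed to choose c_0, c_{N-1} in F_2 and one c_d in F_N per orbit.

    The representation w = Trace(p) can be unique only if this equals N,
    the number of bits in a word w: F_N -> F_2.
    """
    return 2 + n * (len(representatives(n)) - 1)

if __name__ == "__main__":
    for n in (5, 4):
        big_n = 1 << n
        print(f"n = {n}: D = {representatives(n)}")
        print(f"  short orbits: {short_orbits(n)}")
        print(f"  coefficient bits = {coefficient_bits(n)}, word length N = {big_n}")
```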



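Lemma 17 Suppose $C \subseteq \{\mathbb{F}_N \to \mathbb{F}_2\}$ is an affine invariant code containing the word
$w = \mathrm{Trace}(p(x))$ for some $p \in P_{N,\mathcal{D}}$. Then, for every monomial $x^e$ in the support of $p$, the function
$\mathrm{Trace}(x^e)$ is in $C$. Furthermore, if $e \notin \{0, N-1\}$ then for every $\beta \in \mathbb{F}_N$, $\mathrm{Trace}(\beta x^e) \in C$.

Similarly suppose $C \subseteq \{\mathbb{F}_N^* \to \mathbb{F}_2\}$ is a cyclic invariant code containing the word $w = \mathrm{Trace}(p(x))$ for
$p \in P_{N-1,\mathcal{D}}$. Then, for every monomial $x^e$ in the support of $p$, the function $\mathrm{Trace}(x^e)$ is in $C$. If
$e \ne N - 1$ then for every $\beta \in \mathbb{F}_N$, $\mathrm{Trace}(\beta x^e) \in C$.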



Proof: The proof is essentially from [15]. Since their proof is a bit more complex (and considers
a more general class of functions and non-prime $n$), we include the proof in our setting for
completeness.

We start with the cyclic invariant case. Let $p(x) = \sum_{d \in \mathcal{D}} c_d x^d$, where $c_{N-1} \in \{0,1\}$, and let
$w(x) = \mathrm{Trace}(p(x))$. Fix $e$ in the support of $p$. We first consider the case $e \neq N-1$. We wish to
show that $\mathrm{Trace}(\beta x^e)$ is in $C$ for every $\beta \in \mathbb{F}_N$. Note that for every $\alpha \in \mathbb{F}_N^*$, $w(\alpha x)$ is in $C$ (by the
cyclic invariance). Furthermore, the function $\sum_{\alpha \in \mathbb{F}_N^*} \mathrm{Trace}(\alpha^{-e}) w(\alpha x)$ is also in $C$ (by linearity).
But as we show below this term is simply $\mathrm{Trace}(c_e x^e)$.



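$$
\begin{aligned}
\sum_{\alpha \in \mathbb{F}_N^*} \mathrm{Trace}(\alpha^{-e})\, w(\alpha x)
&= \sum_{\alpha \in \mathbb{F}_N^*} \mathrm{Trace}(\alpha^{-e})\, \mathrm{Trace}(p(\alpha x)) \\
&= \sum_{\alpha \in \mathbb{F}_N^*} \left( \sum_{j=0}^{n-1} \alpha^{-e 2^j} \right) \left( \sum_{i=0}^{n-1} \sum_{d \in \mathcal{D}} c_d^{2^i} \alpha^{d 2^i} x^{d 2^i} \right) \\
&= \sum_{j=0}^{n-1} \sum_{i=0}^{n-1} \sum_{d \in \mathcal{D}} c_d^{2^i} x^{d 2^i} \sum_{\alpha \in \mathbb{F}_N^*} \alpha^{d 2^i - e 2^j}
\end{aligned}
$$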



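Recall that $\sum_{\alpha \in \mathbb{F}_N^*} \alpha^t$ is $0$ if $t \not\equiv 0 \pmod{N-1}$ and $1$ if $t \equiv 0$. So we conclude that the innermost sum
is non-zero only if $d \cdot 2^i \equiv e \cdot 2^j \pmod{N-1}$, which in turn happens only when $d = e$ and $j = i$ (since
both $d, e \in \mathcal{D} - \{N-1\}$). We conclude $\sum_{\alpha \in \mathbb{F}_N^*} \mathrm{Trace}(\alpha^{-e}) w(\alpha x) = \sum_{i=0}^{n-1} c_e^{2^i} x^{e 2^i} = \mathrm{Trace}(c_e x^e)$.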

Finally, we need to show that $\mathrm{Trace}(\beta x^e)$ is also in $C$. To see this, consider the set $S \subseteq \mathbb{F}_N$
defined as $S = \{\gamma \mid \mathrm{Trace}(c_e \gamma x^e) \in C\}$. We know $S$ is non-empty (since $1 \in S$), $S$ is closed under
addition, and if $\beta \in S$, then so is $\beta \cdot \zeta^e$ for every $\zeta \in \mathbb{F}_N$. Thus, in particular, $S$ contains the
set $T = \{p(\omega^e) \mid p \in \mathbb{F}_2[x]\}$ where $\omega$ is the multiplicative generator of $\mathbb{F}_N^*$. $T$ is again closed under
addition and also under multiplication and so is a subfield of $\mathbb{F}_N$. Finally it includes $\omega^e$ as an
element and so $T = \mathbb{F}_N$ (the only strict subfield of $\mathbb{F}_N$ is $\mathbb{F}_2$, which does not contain $\omega^e$ for $e \in \mathcal{D}$).
We thus conclude that both $S$ and $T$ equal $\mathbb{F}_N$ and so for every $\beta \in \mathbb{F}_N$, $\mathrm{Trace}(\beta x^e) \in C$.

To prove the lemma for the cyclic invariant case, it remains to consider the case $e = N-1$. By
hypothesis $c_{N-1} = 1$ in this case. Thus we consider the simpler function $\sum_{\alpha \in \mathbb{F}_N^*} w(\alpha x)$, which is
also in $C$. It can be argued as above that this function equals $c_{N-1} x^{N-1} = x^{N-1} = \mathrm{Trace}(x^{N-1})$.
This concludes the analysis of the cyclic invariant case.

The affine invariant case is similar (and indeed only needs to use the facts that $w(\alpha x)$ is in $C$ for
every $\alpha \in \mathbb{F}_N$, and the linearity of $C$). ∎
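
The extraction step in the proof of Lemma 17 (cyclic case) can be checked numerically. The following is an added example, not code from the paper: it builds $\mathbb{F}_{32}$ (so $n = 5$ and $N - 1 = 31$ is prime) and verifies that $\sum_{\alpha} \mathrm{Trace}(\alpha^{-e}) w(\alpha x) = \mathrm{Trace}(c_e x^e)$ on all of $\mathbb{F}_N^*$. The modulus $x^5 + x^2 + 1$, the sample polynomial `P` and all function names are choices made here.

```python
# Added example: the extraction identity from the proof of Lemma 17 over F_32.
# Assumption: F_32 = F_2[x]/(x^5 + x^2 + 1); field elements are the ints 0..31.
n, N, MOD = 5, 32, 0b100101
UNITS = range(1, N)  # the multiplicative group F_N^*

def mul(a, b):
    """Field product: carry-less multiplication reduced modulo MOD."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
        if a & N:
            a ^= MOD
    return r

def power(a, e):
    """a^e for nonzero a; e is reduced mod N-1, so negative e is allowed."""
    r = 1
    for _ in range(e % (N - 1)):
        r = mul(r, a)
    return r

def trace(a):
    """Trace(a) = a + a^2 + ... + a^(2^(n-1)), an element of {0, 1}."""
    t = 0
    for _ in range(n):
        t, a = t ^ a, mul(a, a)
    return t

def word(p):
    """The word w = Trace(p(x)) on F_N^*, with p given as {degree: coefficient}."""
    def w(x):
        px = 0
        for d, c in p.items():
            px ^= mul(c, power(x, d))
        return trace(px)
    return w

def extract(w, e):
    """x -> sum over alpha in F_N^* of Trace(alpha^(-e)) * w(alpha x), in F_2."""
    coeff = [trace(power(a, -e)) for a in UNITS]
    return lambda x: sum(c & w(mul(a, x)) for a, c in zip(UNITS, coeff)) % 2

# Constructed sample polynomial; 1, 3 and 5 are min-orbit representatives mod 31.
P = {1: 7, 3: 19, 5: 1}

def recovers(e, p=P):
    """True if extract(Trace(p), e) equals Trace(c_e x^e) on all of F_N^*."""
    g, target = extract(word(p), e), word({e: p.get(e, 0)})
    return all(g(x) == target(x) for x in UNITS)
```

For a degree `e` outside the support of `P` the coefficient $c_e$ is 0, so `recovers(e)` then checks that the extracted function vanishes identically.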

We now use Lemma 17 to characterize cyclic invariant families, while also working towards the
characterization of affine invariant families.

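Lemma 18 For every affine invariant code $C \subseteq \{\mathbb{F}_N \to \mathbb{F}_2\}$ there exists a (unique) set $D \subseteq \mathcal{D}$
such that $C = \{\mathrm{Trace}(p) \mid p \in P_{N,D}\}$.

For every cyclic invariant family $C \subseteq \{\mathbb{F}_N^* \to \mathbb{F}_2\}$ there exists a (unique) set $D \subseteq \mathcal{D}$ such that
$C = \{\mathrm{Trace}(p) \mid p \in P_{N-1,D}\}$.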

Proof: We start with the affine-invariant case (the cyclic case is almost identical). We let $D$ be the
set of all integers $d \in \mathcal{D}$ such that there is some polynomial $p \in P_{N,\mathcal{D}}$ with positive support on the
monomial $x^d$ such that $\mathrm{Trace}(p) \in C$. By Lemma 17 we have that every function $\mathrm{Trace}(\beta x^d) \in C$
for every $\beta \in \mathbb{F}_N$, if $d \notin \{0, N-1\}$. Furthermore since $\mathrm{Trace}((x+1)^d)$ is also in $C$, it follows that
the constant function 1 is also in $C$. We conclude that the traces of all the polynomials in $P_{N,D}$ are
in $C$. Conversely, it can also be verified that every function in $C$ is a trace of a polynomial in $P_{N,D}$.

The cyclic-invariant case is similar. ∎

Lemma 18 essentially suffices to yield Lemma 12 for the cyclic case (though we still need to verify
that $|D|$ is small as claimed). For the affine case we need to work a little harder to bound the size
of the integers in $D$. To do so we note that affine-invariant properties have further constraints on
the set $D$.

For non-negative integers $d$ and $e$ we say $e$ is in the shadow of $d$ (denoted $e \prec d$) if in the binary
representations $d = \sum_i d_i 2^i$ and $e = \sum_i e_i 2^i$ with $d_i, e_i \in \{0, 1\}$, it is the case that $e_i \le d_i$ for every
$i$. We note that affine-invariant codes are characterized by codes with a "shadow-closure" property
described below.

Lemma 19 If $C$ is an affine-invariant code, $\mathrm{Trace}(x^d) \in C$ and $e \prec d$ then $\mathrm{Trace}(x^e) \in C$.

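Proof: Since $\mathrm{Trace}(x^d) \in C$ and $C$ is affine invariant, then $\mathrm{Trace}((x+1)^d) \in C$. But $(x+1)^d = \prod_i (x+1)^{d_i 2^i}
= \prod_i (1 + x^{2^i})^{d_i} = \sum_{e \prec d} x^e$. Therefore, $\mathrm{Trace}(\sum_{e \prec d} x^e) \in C$ and by Lemma 17 $\mathrm{Trace}(x^e) \in C$. ∎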

We can now complete the proof of Lemma 12.

Proof of Lemma 12: For the cyclic invariant case, the lemma is immediate from Lemma 18,
which claims that every cyclic invariant code $C = C_{N-1}(D) = \{\mathrm{Trace}(p) \mid p \in P_{N-1,D}\}$ for some
$D \subseteq \mathcal{D}$. Conversely, it can be verified that for every $D \subseteq \mathcal{D}$, the code $C(D)$ is cyclic invariant and
maps $\mathbb{F}_N^*$ to $\mathbb{F}_2$. Finally, since for every pair of functions $p_1 \neq p_2 \in P_{N-1,D}$, $\mathrm{Trace}(p_1) \neq \mathrm{Trace}(p_2)$,
we have that \C\ = |i=V_i,D| > A^'-^' yielding \D\ < t if \C\ < NK 






We now consider the affine invariant case. Consider an affine-invariant code $C$. By Lemma 18 there
is a set $D \subseteq \mathcal{D}$ such that $C = C_N(D) = \{\mathrm{Trace}(p) \mid p \in P_{N,D}\}$. As above we also have $|D| \le t$
if $|C| \le N^t$. It remains to be shown that $D \subseteq \{1, \ldots, N^{1-1/t}\}$.

For this part we use Lemma 19 to note first that the set $D$ should be "shadow-closed", i.e., if $d \in D$
and $e \prec d$ then $e \in D$. Now consider the "binary weight" of the integers $d \in D$, i.e., the number of
non-zero bits in the binary representation of $d$. We claim that for every integer $d \in D$, its binary
weight is (very crudely) at most $t$ (or else its shadow and hence $D$ has more than $t$ elements). It
follows that the integer $d = \text{min-orb}(d) \le 2^{n - n/t} = N^{1-1/t}$. Since this holds for every $d \in D$, we
conclude that $D \subseteq \{1, \ldots, \lfloor N^{1-1/t} \rfloor\}$. This yields the proof of Lemma 12 for the affine-invariant
case. ∎
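
Lemma 19 and the shadow-closure step used above can be explored with a short script. This is an added example, not code from the paper; the function names and the choices $n = 5$ and $d = 7$ are made here. It checks $(x+1)^d = \sum_{e \prec d} x^e$ over $\mathbb{F}_2$ by direct multiplication and computes the degrees that orbits and shadows force into an affine-invariant code containing $\mathrm{Trace}(x^7)$.

```python
# Added example: shadows, orbits and the closure forced by Lemmas 17 and 19.
# Assumption: n = 5, so N = 32 and exponents are reduced mod N - 1 = 31.
n = 5
N = 1 << n

def shadow(d):
    """All e with binary digits e_i <= d_i for every i (includes 0 and d)."""
    return {e for e in range(d + 1) if e & d == e}

def expand_x_plus_1(d):
    """Support of (x+1)^d over F_2, obtained by d multiplications by (x+1)."""
    poly = {0}  # the constant polynomial 1, stored as its set of exponents
    for _ in range(d):
        # poly * (x+1) = poly + x*poly; mod 2 this is a symmetric difference
        poly = poly ^ {e + 1 for e in poly}
    return poly

def orbit(d):
    """orb(d) = {d * 2^i mod (N-1)}, for 0 <= d < N-1."""
    return {(d << i) % (N - 1) for i in range(n)}

def closure(degrees):
    """Smallest set containing `degrees` that is closed under orbits and shadows."""
    closed, todo = set(), set(degrees)
    while todo:
        d = todo.pop()
        if d not in closed:
            closed.add(d)
            todo |= (orbit(d) | shadow(d)) - closed
    return closed

def representatives(degrees):
    """Min-orbit representatives of the closure, in increasing order."""
    return sorted({min(orbit(d)) for d in closure(degrees)})

def binary_weight(d):
    """Number of non-zero bits of d."""
    return bin(d).count("1")
```

Since a degree of binary weight $b$ has a shadow of $2^b$ elements, `len(shadow(d)) == 2 ** binary_weight(d)` makes the "or else its shadow has more than $t$ elements" step concrete.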



5 Proofs of Main theorems 

We now derive the proofs of the main theorems.

5.1 Analysis of the cyclic case

Proof of Theorem 5: Let $\delta = \delta(t)$ and $\delta' = \delta'(t+1)$ be as given by Lemma 14 for the cyclic
invariant case (so codes of length $N-1$ have distance roughly $1/2 - N^{-\delta}$). Let $c = 2$ and let
$k_0 = k_0(c, t, \delta)$ and $k_0' = k_0(c, t+1, \delta')$ be as given by Theorem 15. We prove the theorem for
$k = \max\{k_0, k_0'\}$.

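Fix $N$ so that $N-1$ is prime and let $C \subseteq \{\mathbb{F}_N^* \to \mathbb{F}_2\}$ be a cyclic code of cardinality at most
$N^t$. Let $D \subseteq \mathcal{D}$ be as given by Lemma 12, so that $C = \{\mathrm{Trace}(p) \mid p \in P_{N-1,D}\}$. For $d \in \mathcal{D} - D$,
let $C(d) = \{\mathrm{Trace}(p) \mid p \in P_{N-1,D \cup \{d\}}\}$. Our analysis below will show that (1) every codeword
$w \in C^\perp - \bigcup_{d \in \mathcal{D}-D} (C(d)^\perp)$ generates the code by its cyclic shifts, i.e., $C^\perp = \mathrm{Span}\{w(\alpha x) \mid \alpha \in \mathbb{F}_N^*\}$,
and (2) there is a codeword of weight $k$ in $C^\perp - \bigcup_{d \in \mathcal{D}-D} (C(d)^\perp)$. Putting the two together we get
the proof of the theorem.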

We start with the first part. Consider any codeword $w \in C^\perp$. We claim that if $\mathrm{Span}\{w(\alpha x)\} \neq
C^\perp$, then there must exist an element $d \in \mathcal{D} - D$ such that $w \in C(d)^\perp$. To see this, first note
that $\mathrm{Span}\{w(\alpha x)\}$ is a code invariant under the cyclic group, and is contained in $C^\perp$. Thus if
$\mathrm{Span}\{w(\alpha x)\} \neq C^\perp$ then it must be strictly contained in $C^\perp$ and so $(\mathrm{Span}\{w(\alpha x)\})^\perp$ must be a strict
superset of $C$. Using Lemma 12 there must exist a set $D'$ such that $(\mathrm{Span}\{w(\alpha x)\})^\perp = P_{N-1,D'}$.
Furthermore $D'$ must be a strict superset of $D$ and so there must exist an element $d \in D' - D$. We
claim that $w \in C(d)^\perp$. This is so since $C(d) \subseteq (\mathrm{Span}\{w(\alpha x)\})^\perp$ and so $w \in (\mathrm{Span}\{w(\alpha x)\}) \subseteq C(d)^\perp$.
This concludes the proof of the first claim.

It remains to show that there is a codeword of weight $k$ in $C^\perp - \bigcup_{d \in \mathcal{D}-D} (C(d)^\perp)$. For this we
employ simple counting arguments. We first note, using Lemma 14, that $C$ is a code satisfying
$\frac{1}{2} - N^{-\delta} \le \delta(C) \le \frac{1}{2} + N^{-\delta}$. Hence we can apply Theorem 15 to conclude that $C^\perp$ has at least
(^)/(|C|) $\cdot\, (1 - O(1/N^2))$ codewords of weight $k$. On the other hand, for every fixed $d \in \mathcal{D} - D$,
we have (by Lemma 14 again) $\frac{1}{2} - N^{-\delta'} \le \delta(C(d)) \le \frac{1}{2} + N^{-\delta'}$. Again applying Theorem 15 we
have that $C(d)^\perp$ has at most (^)/($|C(d)|$) $(1 + O(1/N^2))$ codewords of weight $k$. In case $d = N-1$, then
$|C(d)| = 2 \cdot |C|$. In case $d \neq N-1$ then $|C(d)| = N \cdot |C|$. Thus we can bound the total number of
codewords of weight $k$ in $\bigcup_{d \in \mathcal{D}-D} C(d)^\perp$ from above by

where above we use the fact that $|\mathcal{D}| \le N/\log_2 N$. For sufficiently large $N$ (i.e., when $1/\log_2 N +
O(1/N^2) < 1/2$) we have that this quantity is strictly smaller than (^)/(|C|) $\cdot\, (1 - O(1/N^2))$, which
was our lower bound on the number of codewords of weight $k$ in $C^\perp$. We conclude that there is a
codeword of weight $k$ in $C^\perp - \bigcup_{d \in \mathcal{D}-D} (C(d)^\perp)$ as claimed.

This concludes the proof of the theorem. ∎

5.2 Analysis of the affine-invariant case

Proof of Theorem 4: The proof is similar to the proof of Theorem 5, with the main difference
being that we need to argue that the polynomials associated with functions in $C$ and $C(d)$ are of
somewhat low degree (to be able to conclude that they have high distance). Details below.

Given $t$, let $\delta$ be from Lemma 14 and let $k$ be large enough for application of Theorem 15. Fix
$N = 2^n$ for prime $n$ and let $C$ be an affine-invariant code of cardinality $N^t$. Let $D \subseteq \mathcal{D}$ be a set
of cardinality at most $t$ and consisting of integers smaller than $N^{1-1/t}$ such that $C = \{\mathrm{Trace}(p) \mid p \in
P_{N,D}\}$ (as given by Lemma 12). For $d \in \mathcal{D} - D$, let $C(d) = \{\mathrm{Trace}(p) \mid p \in P_{N,D \cup \{d\}}\}$.

Let $\mathcal{D}' = (\mathcal{D} - D) \cap \{1, \ldots, \lfloor N^{1-1/t} \rfloor\}$.

Similar to the proof of Theorem 5 we argue that if there is a weight $k$ codeword $w$ in $C^\perp$ that is
not in some $C(d)^\perp$, but now only for every $d \in \mathcal{D}'$, then $\mathrm{Span}\{w(\alpha x + \beta) \mid \alpha \in \mathbb{F}_N^*, \beta \in \mathbb{F}_N\} = C^\perp$.
The same counting argument as in the proof of Theorem 5 suffices to show that such a word does
exist.

Consider $w \in C^\perp$ and the code $\mathrm{Span}\{w(\alpha x + \beta) \mid \alpha \in \mathbb{F}_N^*, \beta \in \mathbb{F}_N\}$. $\mathrm{Span}\{w(\alpha x + \beta)\}$ is affine
invariant and so is given by $P_{N,E}$ for some shadow-closed set $E$. If $\mathrm{Span}\{w(\alpha x + \beta)\}^\perp \neq C$ then
$E$ strictly contains $D$ and so there must exist some element $d' \in E - D$. Now consider the smallest
binary weight element $d \prec d'$ such that $d \in E - D$. We claim that the binary weight of $d$ must
be at most $t + 1$ (since elements of $D$ have binary weight at most $t$). We then conclude that
$w \in \mathrm{Span}\{w(\alpha x + \beta)\} \subseteq C(d)^\perp$, yielding the claim.

The counting argument to show there is a codeword of weight $k$ in $C^\perp - \bigcup_{d \in \mathcal{D}'} C(d)^\perp$ is now the same
as in the proof of Theorem 5, except that we use the affine-invariant part of Lemma 14.

This completes the proof of Theorem 21 ∎



Acknowledgments 

We would like to thank Oded Goldreich for valuable suggestions and anonymous reviewers for 
detecting several omissions and errors in a prior version of this paper. We thank Swastik Kopparty 
for helpful discussions. 






References 



[1] Noga Alon, Tali Kaufman, Michael Krivelevich, Simon Litsyn, and Dana Ron. Testing low-degree
polynomials over GF(2). In Proceedings of the 7th International Workshop on Randomization
and Approximation Techniques in Computer Science (RANDOM 2003), Lecture Notes
in Computer Science, vol. 2764, pages 188-199, New York, 2003. Springer.

[2] Manuel Blum, Michael Luby, and Ronitt Rubinfeld. Self-testing/correcting with applications
to numerical problems. Journal of Computer and System Sciences, 47(3):549-595, 1993.

[3] J. Bourgain. Mordell's exponential sum estimate revisited. J. Amer. Math. Soc., 18(2):477-499
(electronic), 2005.

[4] J. Bourgain. Some arithmetical applications of the sum-product theorems in finite fields. In
Geometric aspects of functional analysis, volume 1910 of Lecture Notes in Math., pages 99-116.
Springer, Berlin, 2007.

[5] J. Bourgain, N. Katz, and T. Tao. A sum-product estimate in finite fields, and applications.
Geom. Funct. Anal., 14(1):27-57, 2004.

[6] Jean Bourgain and Mei-Chu Chang. A Gauss sum estimate in arbitrary finite fields. C. R.
Math. Acad. Sci. Paris, 342(9):643-646, 2006.

[7] Jean Bourgain and S. V. Konyagin. Estimates for the number of sums and products and
for exponential sums over subgroups in fields of prime order. C. R. Math. Acad. Sci. Paris,
337(2):75-80, 2003.

[8] Oded Goldreich, Shafi Goldwasser, and Dana Ron. Property testing and its connection to
learning and approximation. JACM, 45(4):653-750, 1998.

[9] Oded Goldreich and Madhu Sudan. Locally testable codes and PCPs of almost-linear length.
J. ACM, 53(4):558-655, 2006. Preliminary version in FOCS 2002.

[10] Charanjit S. Jutla, Anindya C. Patthak, Atri Rudra, and David Zuckerman. Testing low-degree
polynomials over prime fields. In FOCS '04: Proceedings of the Forty-Fifth Annual IEEE
Symposium on Foundations of Computer Science, pages 423-432. IEEE Computer Society,
2004.

[11] Tali Kaufman and Simon Litsyn. Almost orthogonal linear codes are locally testable. In FOCS,
pages 317-326. IEEE Computer Society, 2005.

[12] Tali Kaufman and Simon Litsyn. Long extended BCH codes are spanned by minimum weight
words. In Marc P. C. Fossorier, Hideki Imai, Shu Lin, and Alain Poli, editors, AAECC, volume
3857 of Lecture Notes in Computer Science, pages 285-294. Springer, 2006.

[13] Tali Kaufman and Dana Ron. Testing polynomials over general fields. In Proceedings of the
Forty-fifth Annual Symposium on Foundations of Computer Science, pages 413-422, 2004.

[14] Tali Kaufman and Madhu Sudan. Sparse random linear codes are locally decodable and
testable. In FOCS, pages 590-600. IEEE Computer Society, 2007.






[15] Tali Kaufman and Madhu Sudan. Algebraic property testing: the role of invariance. In
Richard E. Ladner and Cynthia Dwork, editors, STOC, pages 403-412. ACM, 2008.

[16] F. J. MacWilliams and Neil J. A. Sloane. The Theory of Error-Correcting Codes.
Elsevier/North-Holland, Amsterdam, 1981.

[17] Ronitt Rubinfeld and Madhu Sudan. Robust characterizations of polynomials with applications
to program testing. SIAM Journal on Computing, 25(2):252-271, April 1996.

[18] Jacobus H. van Lint. Introduction to Coding Theory. Graduate Texts in Mathematics 86,
(Third Edition) Springer-Verlag, Berlin, 1999.

A On using results from additive number theory 

As pointed out earlier, Theorem 7 of [3] only considers the analog of Theorem 13 where the field $\mathbb{F}$ is
of prime cardinality A^, and shows that for any additive character Xi I Ylx&^^f ^'^))\ — ■ Here 
we mention the modifications necessary to extend the proof to the case where $\mathbb{F}_N$ is of cardinality
$2^n$ with $n$ being prime.

In [3] the proof reduces to the two cases r = 1 and r = 2. The case r = 1 in the prime case was 
obtained in [7]. In our case, where $N = 2^n$, the $r = 1$ case was shown in For $r = 2$ the proof in
the prime case applied the sum-product theorem from [5] and uses Proposition 1 of We note
that Proposition 1 of [Ij works also when the field is not of prime cardinality. As argued in [5],
the sum-product statement might weaken for more general fields only when the field $\mathbb{F}_N$ contains
somewhat large subfields. However, when $n$ is prime $\mathbb{F}_{2^n}$ contains only the constant size base field
$\mathbb{F}_2$. We conclude that when $\mathbb{F} = \mathbb{F}_{2^n}$ ($n$ prime) it remains true that if a set $A \subseteq \mathbb{F}_N$ has size
$1 < |A| < N^{1-\epsilon}$ for some given $\epsilon$ then $|A + A| + |A \cdot A| > C|A|^{1+\delta}$, for some $\delta = \delta(\epsilon)$. The key
ingredient of the proof in [4] is an additional sum-product theorem in the additive/multiplicative
group $\mathbb{F}_N \times \mathbb{F}_N$ with $N$ prime, where addition and multiplication are defined coordinate-wise. The
equivalent formulation for our case $\mathbb{F}_{2^n} \times \mathbb{F}_{2^n}$ follows exactly as in [3], and so does the rest of the
proof.